US9450971B2ActiveUtilityA1

Device, system, and method of visual login and stochastic cryptography

Assignee: BIOCATCH LTDPriority: Nov 29, 2010Filed: Jul 8, 2014Granted: Sep 20, 2016
Est. expiryNov 29, 2030(~4.4 yrs left)· nominal 20-yr term from priority
H04L 63/08H04L 2463/082G06F 3/0486H04L 63/0428H04W 12/06G06F 3/0481G06F 3/04886G06F 2221/2133G06F 21/316G06F 3/04842G06F 21/31H04L 63/1408H04W 12/63
94
PatentIndex Score
32
Cited by
39
References
25
Claims

Abstract

Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method comprising:
 differentiating between a first user and a second user of a computerized service, by performing: 
 presenting an on-screen visual login interface which requires a user of the computerized service to interact with user interface elements in order to enter user login credentials for said computerized service; 
 monitoring interactions of said used via an input unit with said user interface elements of said on-screen visual login interface; 
 extracting from said interaction of the user via the input unit, a user-specific trait indicating a user-specific manner of interaction with said on-screen visual login interface; 
 based on the extracted user-specific manner of interaction, differentiating between a first user and a second user of said computerized service; 
 wherein the presenting comprises: presenting an on-screen vault interface having one or more on-screen cylinders; and generating an on-screen interface that allows the user to selectively rotate the one or more on-screen rotatable cylinders in order to input a Personal Identification Number (PIN) that the user desires to enter; 
 wherein the monitoring of interactions comprises: monitoring a manner in which the user performs rotations of the one or more on-screen rotatable cylinders, and extracting a user-specific trait from said rotations. 
 
     
     
       2. The method of  claim 1 , wherein the presenting comprises:
 presenting an on-screen keypad of digits, and an on-screen target zone; 
 generating a drag-and-drop interface that allows the user to selectively drag individual digits, which correspond to a Personal Identification Number (PIN) that the user desires to enter, from said on-screen keypad to said on-screen target zone; 
 wherein the monitoring of interactions comprises: monitoring a manner in which the user performs drag-and-drop operations of said individual digits, and extracting a user-specific trait from said drag-and-drop operations of individual digits. 
 
     
     
       3. A method comprising:
 differentiating between a first user and a second user of a computerized service, by performing: 
 presenting an on-screen visual login interface which requires a user of the computerized service to interact with user interface elements in order to enter user login credentials for said computerized service; 
 monitoring interactions of said used via an input unit with said user interface elements of said on-screen visual login interface; 
 extracting from said interaction of the user via the input unit, a user-specific trait indicating a user-specific manner of interaction with said on-screen visual login interface; 
 based on the extracted user-specific manner of interaction, differentiating between a first user and a second user of said computerized service; 
 wherein the method comprises: 
 injecting a user interface interference to an operation of said user interface elements; 
 monitoring a corrective reaction of the user to the injected user interface interference; 
 extracting a user-specific trait corresponding to said corrective reaction; 
 based on the user-specific trait corresponding to said corrective reaction, differentiating between the first user and the second user of said computerized service; 
 wherein the presenting comprises: presenting an on-screen vault interface having one or more on-screen cylinders; and generating an on-screen interface that allows the user to selectively rotate the one or more on-screen rotatable cylinders in order to input a Personal Identification Number (PIN) that the user desires to enter; 
 wherein injecting the user interface interference comprises: injecting a user interface interference to an operation of said rotatable cylinders; 
 wherein the monitoring of interactions comprises: monitoring a manner in which the user reacts to the injected user-interface interference to the operation of said on-screen rotatable cylinders, and extracting a user-specific trait from the corrective reaction of the user. 
 
     
     
       4. The method of  claim 3 , wherein the presenting comprises:
 presenting an on-screen keypad of digits, and an on-screen target zone; 
 generating a drag-and-drop interface that allows the user to selectively drag individual digits, which correspond to a Personal Identification Number (PIN) that the user desires to enter, from said on-screen keypad to said on-screen target zone; 
 wherein injecting the user interface interference comprises: injecting a user interface interference to an operation of said drag-and-drop interface; 
 wherein the monitoring of interactions comprises: monitoring a manner in which the user reacts to the injected user-interface interference to the operation of said drag-and-drop interface, and extracting a user-specific trait from the corrective reaction of the user. 
 
     
     
       5. The method of  claim 3 , wherein the injected user-interface interference causes an on-screen pointer to be non-responsive for a pre-defined period of time. 
     
     
       6. The method of  claim 3 , wherein the injected user-interface interference causes an on-screen pointer to move in a route that is non-identical to a movement route of said input unit. 
     
     
       7. The method of  claim 1 , comprising:
 presenting an on-screen collection of items; 
 presenting to the user a textual notification that the user is required to select a particular item from said collection, wherein the textual notification comprise a textual instruction in a natural language that a human user is required to comprehend in order to correctly select said particular item from said collection; 
 introducing an interference to a drag-and-drop operation of said particular item; 
 checking whether a current reaction of the user to said interference, matches a user-specific profile of said user indicating past reactions of said user to said interference. 
 
     
     
       8. The method of  claim 1 , comprising:
 presenting an on-screen jigsaw puzzle as part of a login process; 
 monitoring a manner in which the user solves the on-screen jigsaw puzzle; 
 extracting a user-specific profile corresponding to the manner in which the user solves the on-screen jigsaw puzzle; 
 in a subsequent login process, checking whether (a) a current manner of the user solving the on-screen jigsaw puzzle, matches (b) the user-specific profile corresponding to the manner in which the user solved the on-screen jigsaw puzzle in previous login sessions. 
 
     
     
       9. The method of  claim 1 , comprising:
 during a log-in process and while the user enters user credentials through a mobile computing device, injecting a time-delay between (A) tapping of a character on an on-screen keyboard by the user, and (B) displaying said character on the screen of the mobile computing device; 
 monitoring user reactions to the injected time-delay between tapping and displaying; 
 extracting a user-specific profile reflecting a typical reaction of said user to injected time-delays between tapping and displaying; 
 in a subsequent log-in session, checking whether (i) a current reaction of the user to time-delay between tapping and displaying, matches (ii) the user-specific profile reflecting the typical reaction of said user to injected time-delays between tapping and displaying. 
 
     
     
       10. The method of  claim 1 , comprising:
 during a log-in process, causing an Enter key to be non-responsive to keystrokes; 
 presenting an on-screen Submit button; 
 introducing an on-screen interference to regular operation of said on-screen Submit button; 
 monitoring user reactions to the on-screen interference to the regular operation of said on-screen Submit button; 
 extracting a user-specific profile reflecting a typical reaction of said user to the on-screen interference to the regular operation of said on-screen Submit button; 
 in a subsequent log-in session, checking whether (i) a current reaction of the user to the on-screen interference to the regular operation of the on-screen Submit button, matches (ii) the user-specific profile reflecting the typical reaction of said user to the on-screen interference to the regular operation of the on-screen Submit button. 
 
     
     
       11. The method of  claim 1 , comprising:
 performing an implicit two-factor authentication process as a condition for authorizing said user to access said computerized device, 
 wherein a first-step of the implicit two-factor authentication process comprises receiving from the user a correct value of a password previously-defined by said user; 
 wherein a second-step of the implicit two-factor authentication process comprises receiving from said user said correct value in an input manner that exhibits a particular user-specific trait that had been extracted from previous input-unit interactions of said user. 
 
     
     
       12. The method of  claim 1 , comprising:
 performing an implicit two-factor authentication process as a condition for authorizing said user to access said computerized device, 
 wherein a first-step of the implicit two-factor authentication process comprises receiving from the user a correct value of a password previously-defined by said user; 
 wherein a second-step of the implicit two-factor authentication process comprises: injecting a user interface interference to an interface presented to said user; and receiving from said user said correct value in an input manner which reacts to said interference and which exhibits a particular user-specific trait that had been extracted from previous input-unit interactions of said user in response to said interference. 
 
     
     
       13. The method of  claim 1 , further comprising:
 presenting to the user, one interference at a time, a sequence of user-interface interferences that are selected one at a time from a pool of possible user-interface interferences; 
 monitoring user reactions to the user-interface interferences that were presented to the user, one interference at a time; 
 generating a user-specific general reaction model that reflects a general manner of reactions to user-interface interferences by said user; 
 generating an encryption key by using a parameter of said user-specific general reaction model; 
 encrypting a content item of said user by using said encryption key that was generated based on said user-specific general reaction model. 
 
     
     
       14. The method of  claim 13 , further comprising:
 upon a user request to decrypt said content item, performing: 
 presenting to the user a single user-interface interference, from the sequence of user-interface interferences that were selected and used for generating the user-specific general reaction model prior to said encrypting step; 
 monitoring a current reaction of said user to the single user-interface interference that is presented to the user; 
 extracting a user-specific value from the current reaction of said user to the single user-interface interference that is presented to the user; 
 calculating a decryption key based on the user-specific value that was extracted from the current reaction of said user to the single user-interface interference that is presented to the user; 
 decrypting said content item by using said decryption key. 
 
     
     
       15. The method of  claim 13 , wherein said sequence of user-interface interference comprise a sequence of at least 20 user-interface interferences, that are selected one-at-a-time from a pool comprising at least 100 user-interface interferences. 
     
     
       16. The method of  claim 1 , further comprising:
 performing stochastic encryption of a content item associated with said user, by utilizing an encryption key that is based, at least partially, on a user-specific model that reflects a general manner in which said user responds to at least 10 different user-interface interferences. 
 
     
     
       17. The method of  claim 1 , further comprising:
 performing stochastic encryption of a content item associated with said user, by utilizing an encryption key that is based, at least partially, on a user-specific model that reflects a general manner in which said user responds to a series of at least 10 different user-interface interferences that were presented to said user one interference at a time; 
 performing stochastic decryption of said content item associated with said user, by utilizing a decryption key that is based, at least partially, on a single reaction of said user to a single user-interface interference that is presented to said user in response to a user request to decrypt said content item. 
 
     
     
       18. The method of  claim 1 , further comprising:
 performing a stochastic cryptography operation which utilizes, as a cryptographic parameter, a value of a user-specific model of reaction to a user interface interference of a particular type. 
 
     
     
       19. The method of  claim 1 , further comprising:
 injecting a user interface interference to an interaction of said user with said computerized service; 
 monitoring user reaction to said user interface interference; 
 extracting a user-specific interference-specific parameter which indicates an attribute of the user reaction to said user interface interference; 
 performing a stochastic cryptography operation which utilizes, as a cryptographic parameter, a value of said user-specific interference-specific parameter which indicates said attribute of the user reaction to said user interface interference. 
 
     
     
       20. The method of  claim 19 , comprising:
 estimating a false positive margin-of-error of said stochastic cryptography operation; 
 allowing the user to perform multiple access attempts to compensate for the estimated false positive margin-of-error of said stochastic cryptography operation. 
 
     
     
       21. The method of  claim 19 , wherein the stochastic cryptography operation comprises at least one of: encryption, decryption. 
     
     
       22. The method of  claim 19 , wherein the cryptographic parameter comprises: a value of said user-specific interference-specific parameter which indicates said attribute of the user reaction to said user interface interference which is introduced during said visual login process. 
     
     
       23. A system comprising:
 a visual login module to differentiate between a first user and a second user of a computerized service, wherein the visual login module is: 
 to present an on-screen visual login interface which requires a user of the computerized service to interact with user interface elements in order to enter user login credentials for said computerized service; 
 to monitor interactions of said used via an input unit with said user interface elements of said on-screen visual login interface; 
 to extract from said interaction of the user via the input unit, a user-specific trait indicating a user-specific manner of interaction with said on-screen visual login interface; 
 based on the extracted user-specific manner of interaction, to differentiate between a first user and a second user of said computerized service; 
 wherein the visual login module is to present an on-screen vault interface having one or more on-screen cylinders, and to generate an on-screen interface that allows the user to selectively rotate the one or more on-screen rotatable cylinders in order to input a Personal Identification Number (PIN) that the user desires to enter; 
 wherein the visual login module is to monitor a manner in which the user performs rotations of the one or more on-screen rotatable cylinders, and to extract a user-specific trait from said rotations. 
 
     
     
       24. The system of  claim 23 , wherein the visual login module is to perform an implicit two-factor authentication process as a condition for authorizing said user to access said computerized device,
 wherein a first-step of the implicit two-factor authentication process comprises receiving from the user a correct value of a password previously-defined by said user; 
 wherein a second-step of the implicit two-factor authentication process comprises receiving from said user said correct value in an input manner that exhibits a particular user-specific trait that had been extracted from previous input-unit interactions of said user. 
 
     
     
       25. The system of  claim 23 , further comprising a stochastic cryptography module, wherein the stochastic cryptography module is:
 to inject a user interface interference to an interaction of said user with said computerized service; 
 to monitor user reaction to said user interface interference; 
 to extract a user-specific interference-specific parameter which indicates an attribute of the user reaction to said user interface interference; 
 to perform a stochastic cryptography operation which utilizes, as a cryptographic parameter, a value of said user-specific interference-specific parameter which indicates said attribute of the user reaction to said user interface interference.

Join the waitlist — get patent alerts

Track US9450971B2 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.